web-design-guidelines
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [External Downloads] (LOW): The skill fetches external content from githubusercontent.com. This finding is downgraded to LOW because the source belongs to a Trusted Organization (Vercel).
- [Indirect Prompt Injection] (HIGH): The skill design is highly vulnerable to indirect prompt injection. It fetches a markdown file from a remote URL and treats its content as authoritative instructions ('all the rules and output format instructions') to be applied to local files. Ingestion points: External command.md file fetched at runtime. Boundary markers: None; there is no isolation or instruction for the agent to ignore embedded commands within the fetched content. Capability inventory: Reading local files and generating output based on fetched logic. Sanitization: None; the skill blindly instructs the agent to 'apply all rules' from the external source.
- [Data Exfiltration] (MEDIUM): Although not explicitly present, the capability to read local files combined with remote instruction fetching creates a risk where a compromised external file could instruct the agent to exfiltrate sensitive local data.
Recommendations
- AI detected serious security threats
Audit Metadata